-
-
Notifications
You must be signed in to change notification settings - Fork 740
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
android trust store #610
Comments
@dten Can you make a PR here? This will be better. |
I'll flesh out the missing parts and neaten things up for a PR if this is something that is likely to be accepted |
This is how Android deals with loading the certs for java by the way |
My intuition is that this'd live outside of rust-openssl itself in the same way that openssl-probe does, but that things like native-tls would pull it in when targeting Android. |
|
It wouldn't work exactly like openssl-probe at an API level (it'd probably instead fill in an |
Would this be possible to do without having to intervene in every crate that used openssl? |
It'd hopefully only need to be done on things that are explicitly targeting Android and things that want to "magically" just work like native-tls. I want to keep the magic out of openssl itself, since it opens a pretty huge can of worms. Android isn't the only platform that'd need special support to integrate with the system - we'd need to do similar things on Windows and macOS. |
I've updated @dten's patch from seanmonstar/reqwest#70 in cpick/rust-openssl@c5f6616 to get it working on the (As an aside, @dten: are you still using that patch or have you found a different solution?) |
I do not currently have another solution as this sufficed for my needs |
We've had some issues using crates that use openssl for https etc because android's trust store works differently (https://nelenkov.blogspot.co.uk/2011/12/ics-trust-store-implementation.html)
We had a bit of discussion on how to get this working in reqwest as myself and @king6cong also was having the issue seanmonstar/reqwest#70
After some attemps I settled on this (very rough) fix, I'm not 100% happy with it, though it does mean it works for all crates the use openssl without needed to change them.
dten@72da006
Since this crate takes the responsibility of loading the default certificates it feels like this is the right place to fix this but I wondered if there was preferred way.
The text was updated successfully, but these errors were encountered: